Use doas.conf to permit root with nopass option. See doas.conf(5).
> On Jul 2, 2019, at 4:43 AM, [email protected] wrote: > > This isn't a bug per se, more of an incongruity in how security-centric tools > work wrt root, specifically doas and chroot/su/other: > > joe@drogo$ doas -s > drogo# doas -u chohag -s > doas (root@drogo) password: > doas: Authorization failed > drogo# chroot -u chohag / > drogo$ ^D > drogo# su -l chohag > drogo$ ^D > > Obviously a little one-liner or tiny C app could achieve the same result too. > > I assume this is more or less known, since each tool is working to its > designed spec, so is the above ultimately the desired behaviour? Should doas > ask even for root's password while myriad other ways of obtaining any user ID > do and probably always will exist? > > On some servers root doesn't have a password. > > Matthew >
